CloudOps & Infrastructure

Technology

67AWS Accounts

67 AWS accounts discovered in 2.67 seconds. Terraform + CDK with 3-tier testing. Docker-first supply chain.

⚡ First org-wide inventory in <10 seconds via Config Aggregator

AI agents build governed & Humans ship trusted. 80% autonomy & 100% accountability.

Section Four (Ch.17-23)

Technology for Speed and Distributed Innovation

“The objective for technology is to make it easy for your pods to constantly develop and release digital and AI innovations to customers and users. Seven broad capabilities are needed to build a technology environment that can support a digital transformation.”

A more surgical and value-backed approach to cloud. The automation of software development and deployment is fundamental to building and releasing high-quality software. ADLC delivers this through Docker-first enforcement (nnthanh101/* only), Local-First Hybrid-Cloud (Docker/K3D -> AWS), and multi-account landing zones with READONLY-safe automation.

Source: Rewired: The McKinsey Guide to Outcompeting in the Age of Digital and AI (Lamarre, Smaje, Zemmel, 2023)

Platform Evolution

IaC generation improves with each Claude release — more accurate Terraform modules, better CDK constructs. NemoClaw adds kernel-level security validation for agent-generated infrastructure.

Component Map

12 components implementing this pillar

Type	Name	Why	Business Value
Agent	`infrastructure-engineer (sonnet)`	CDK + Terraform IaC for multi-account AWS landing zones	GitOps reproducibility — every resource declaratively defined
Agent	`kubernetes-engineer (sonnet)`	K3s + ArgoCD + Helm for containerised workloads	Platform engineering that scales from laptop to prod
Command	`/terraform:test`	3-tier testing: functional, integration, E2E	Security issues caught before terraform plan
Command	`/terraform:cost`	Infracost pre-deploy cost estimation with FOCUS compliance	FinOps integrated into IaC review — no surprise bills
Command	`/cdk:synth`	CDK synthesis with cdk-nag security checks	APRA CPS 234 alignment verified at synth time
Command	`/devcontainer:validate-registry`	Scan all FROM and image: references for registry compliance	Supply chain integrity — blocked registries caught in PR
Command	`/kubernetes:deploy`	ArgoCD application sync with health checks	Zero-downtime deployments with automated rollback
Command	`/inventory:lz-cross-validate`	READONLY multi-account inventory cross-validation	Config Aggregator org-wide — 67 accounts in <10 seconds
Skill	`aws-health-event-triage`	EC2 health event investigation workflow	REBOOT_FIRST_DECOMMISSION_SECOND anti-pattern eliminated
Skill	`terraform/deploy-lifecycle`	Terraform module publish and deploy lifecycle patterns	Registry-to-production pipeline with 3-tier testing
Hook	`enforce-container-first.sh`	Block bare-metal tflint/checkov/terraform on host	Reproducible validation — same result on every machine
Hook	`enforce-docker-registry.sh`	Block non-compliant container registry references	SLSA Level 2+ provenance — only signed enterprise images

Risk & Scalability

What happens without this pillar, and why ADLC scales from 1 person to enterprise

What if you skip?

McKinsey identifies seven capabilities needed for technology environments (Rewired S4, p.170): decoupled architecture, surgical cloud, engineering practices, developer productivity, production-grade solutions, security from the start, and MLOps. Without this pillar, infrastructure becomes the bottleneck that prevents all other pods from innovating.

Scalability

Docker-first enforcement and 3-tier IaC testing work identically on a laptop and in CI/CD. Config Aggregator discovers resources org-wide regardless of account count. The infrastructure tooling scales with the cloud footprint.